
Checklist: 24 Steps for Data Security While Traveling Abroad

When traveling overseas, there is already plenty of work to do in terms of planning, packing and then actually traveling. When we travel, the data we carry and our Internet habits can put our individual privacy and data security at risk. As an example, the U.S. State Department's Bureau of Consular Affairs 2014 Sochi Olympics advisory states: “Travelers should be aware that Russian Federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including Internet browsing, email messages, telephone calls and fax transmissions.” This article addresses some best practices that can be taken before, during, and after travel to secure data – both your personal data and corporate data – and protect your individual privacy.

 

Before Traveling:

1)         Limit or minimize any data taken, including data on removable media such as CDs, DVDs and thumb drives.

2)         Consider a company-owned “loaner” cellphone, laptop and/or tablet to limit the loss of both corporate and personal data if the device is lost, stolen or confiscated by officials.

3)         Perform a full device backup and secure it with a strong password. Store it in a secure location while you are away.

4)         Inform banks and credit card companies of travel plans, including dates, locations and any special instructions. International transactions are typically flagged as fraud, and purchases may be delayed or your card cancelled without advance travel notice.

5)         Consider using virtual credit card numbers that offer one-time use and are disposable, yet will display on the credit card bill.

6)         Pack only essential ID, credit and debit cards. Leave the others in a secure location.

7)         Update software that protects your data, such as operating systems, anti-malware and anti-virus, and apply security patches and other updates prior to departure.

8)         Install full-disk encryption on laptops.

9)         Use the U.S. State Department website (www.state.gov) to prepare and familiarize yourself with:

a.      Information on the country of travel.

b.      Export control laws concerning sensitive equipment, software and technology (that includes encryption).

c.      Restrictions on security testing/hacker tools, which are also forbidden and illegal in some countries.

10) Update or configure device passwords by:

a.      Configuring the use of at least four-digit passwords (longer if supported).

b.      Changing all passwords on all devices and using different passwords on each.

c.      Configuring automatic wiping settings to wipe the device’s data after a pre-determined number of passcode entry failures.

 

While on Travel:

1)         You have no reasonable expectation of privacy in some countries.

a.      Phone calls, electronic communications and even hotel rooms may be monitored as a standard practice. Sensitive or confidential conversations, transactions or data transfer should be kept to a minimum until you return home.

b.      Be prepared to turn devices on and off, and to present all removable media to customs officials. You may be asked to decrypt data for inspection at international borders. In some countries, withholding your password is a criminal offense.

2)         Use the same rules for your personal and company devices to separate acceptable social networking communications from sensitive transactions. Understand there is a difference between sharing a photo on social networking and connecting to your bank or credit card company.

3)         Use safe ATMs in public areas during daylight. Cover PIN entry and cash output as much as possible.

4)         Determine the availability and cost of purchasing a local cellphone, or buy local SIMs. Prepaid local phones limit costs by not working after exceeding a maximum number of minutes. They are cheaper for local calls and have better connectivity. Buying local SIMs, especially PAYG, adds a level of anonymity, which may be good for privacy/security.

5)         Use trusted VPN connections as much as possible. If you don’t have a VPN available, use HTTPS connections as much as possible.

6)         Connections in cyber cafes, public areas and hotels can be safe with a VPN, but should otherwise be considered insecure and probably monitored by unsavory agents. Physical PCs in such places may contain keystroke logging or other malicious methods to gather your information.

7)         Do not loan your device to anyone, or attach unknown devices such as thumb drives. Thumb drives are notorious for computer infections.

8)         Prevent illicit access to your device via wireless technologies by:

a.      Using airplane mode to disable or suspend all connectivity.

b.      Disabling Wi-Fi when not in use. Wi-Fi ad-hoc mode or unsecure file sharing enables direct access to devices.

c.      Disabling Bluetooth when not in use (or setting it to “hidden,” not “discoverable”). Consider that rental car Bluetooth PBAP (Phone Book Access Profile) functionality loads the entire address book, while Bluetooth PAN (Personal Area Network) functionality enables connections with other Bluetooth devices.

9)         Report lost or stolen devices as soon as possible to whomever it concerns. This might include your company, mobile provider, hotel, airline, insurance company and/or local authorities. Local authorities have a better chance to find stolen property if it is reported stolen as soon as you know it is missing.

 

Upon Returning Home:

1)         Return the loaner device(s).

2)         Have all devices, media and thumb drives reviewed for malware, unauthorized access or other corruption. Do not connect them to a trusted network until you have tested them for malware.

3)         If the device is found to be compromised, reformat it and rebuild it from trusted sources/media. Then restore data from backups taken before the trip.

4)         After ensuring your devices are secure and not compromised, change all business and personal passwords. If possible, change the passwords for things like corporate accounts, banks, etc., using a device other than the one you traveled with.

5)         Inform your bank or credit card companies of your return and review transactions.

6)         Continue to monitor your business and personal financial institution transactions for unauthorized or unapproved use.

 

These practices may seem cumbersome, but they provide essential protections to ensure data security and privacy while traveling abroad. Depending on the industry, company or affiliations, there could be even more restrictions, so it is best to check with your company’s legal or IT department before travel. Regardless of business or personal travel, protect all of your electronic devices with the same level of vigilance because there are no reasonable expectations of privacy in many countries today.

 

About the Author:

 Edward P. Yakabovicz, CISSP, CIPP/IT, CIPM, is a Principal Information Assurance Engineer for the Center of Cyber Security Innovation at Lockheed Martin Corporation. He has 25 years of business experience within top five financial corporations, the U.S. Government, and Lockheed Martin global customers. As a subject matter expert in cybersecurity and privacy, he currently holds a master’s degree in Information Assurance from Norwich University and is currently an Information Assurance Doctorate student at Capitol College in Maryland. Yakabovicz’s most recent experience includes being a co-author of the International Association of Privacy Professionals (IAPP) Certified Information Privacy Manager (CIPM) certification textbook. 
